On 05/17/2013 01:47 PM, Reindl Harald wrote:
On 17.05.2013 13:26, John Horne wrote:
However, 'firewall-cmd' offers both the '--get-chains' and '--get-rules'
options, but these both require specifying which table is to be used.
How do I know what the tables are? There is no '--get-tables' option.
I can run 'cat /proc/net/ip_tables_names' and this lists the standard
iptables tables (nat, mangle, filter). But if I use these names with
'firewall-cmd' all I get is a blank line displayed. E.g.
firewall-cmd --direct --get-chains ipv4 nat
This returns only the list of chains that have been added with the
--add-chain command.
The same occurs with all the table names.
So, my question is this, is 'firewall-cmd' working correctly and simply
stating that none of the tables have any chains (and so no rules)?
Secondly, how do I find out what tables are defined for firewalld?
since these are all wrappers around netfilter/iptables you get
the truth with "iptables --list --numeric --verbose"
The tables you can use with firewalld are the same you can use with
ip*tables: filter, nat, mangle, raw and security
But please remember that the availability of tables is bound to the
kernel and also IPv4/IPv6. With newer kernels nat is also available for
IPv6. Before it was only available for IPv4.
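The following script is an added example and not part of the thread: it combines the three commands discussed above, showing per address family which of the five tables the running kernel lists, then printing firewalld's direct chains next to the real netfilter chains for each table. The function names and the `PROC_NET` and `RUN_AUDIT` variables are hypothetical names introduced here; the sample files used to check it are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). PROC_NET and RUN_AUDIT are hypothetical
# knobs introduced here; PROC_NET exists so the parsing can be tested offline.
KNOWN_TABLES="filter nat mangle raw security"   # the five tables named in the reply
PROC_NET="${PROC_NET:-/proc/net}"

# Print, on one sorted line, the tables the kernel currently lists for a family.
registered_tables() {
    case "$1" in
        ipv4) f="$PROC_NET/ip_tables_names" ;;
        ipv6) f="$PROC_NET/ip6_tables_names" ;;
        *) echo "unknown family: $1" >&2; return 2 ;;
    esac
    # Missing or unreadable file (e.g. not running as root): report nothing.
    [ -r "$f" ] || return 0
    sort "$f" | paste -sd' ' -
}

# Print "table:registered" or "table:absent" for each known table of a family.
table_status() {
    reg=" $(registered_tables "$1") "
    out=""
    for t in $KNOWN_TABLES; do
        case "$reg" in
            *" $t "*) out="$out$t:registered " ;;
            *)        out="$out$t:absent " ;;
        esac
    done
    printf '%s\n' "${out% }"
}

# For each listed table, show firewalld's direct chains (only those created
# with --add-chain) beside the full chain listing from ip*tables.
audit_family() {
    case "$1" in ipv4) ipt=iptables ;; ipv6) ipt=ip6tables ;; *) return 2 ;; esac
    for t in $(registered_tables "$1"); do
        echo "== $1 / $t =="
        echo "direct chains: $(firewall-cmd --direct --get-chains "$1" "$t")"
        "$ipt" -t "$t" --list --numeric --verbose
    done
}

# Run the live audit only on request; it needs root and a running firewalld.
if [ "${RUN_AUDIT:-0}" = 1 ]; then
    for fam in ipv4 ipv6; do table_status "$fam"; audit_family "$fam"; done
fi
```

Run it as root with `RUN_AUDIT=1`. An empty "direct chains" line next to a populated ip*tables listing is the normal case described in the reply above.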